Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.114exploits catalogados
31.649CVEs com exploração pública
0testados em laboratório
71.114 exploits
GitHub PoC1
Unauthenticated RCE exploit for Veritas Backup Exec Agent (CVE-2021-27876/77/78) — SHA auth bypass to SYSTEM via NDMP
CVE-2021-27876HIGHsob ataqueransomware18 jun 2026
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RISCO
abrir
GitHub PoC2
CVE-2025-54123 Hoverfly Command Injection to RCE PoC
CVE-2025-54123CRITICAL18 jun 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir
GitHub PoC1
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
CVE-2026-48907CRITICALsob ataque18 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
Store vulnerability POC files including CVE-2026-42588 Spring RCE xml payload
CVE-2026-42588HIGH18 jun 2026
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
41RISCO
abrir
GitHub PoC
Root-Level RCE via OS Command Injection in Ivanti Sentry
CVE-2026-10520CRITICAL18 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir
GitHub PoC
CVE-2025-6254 — Doctreat Core <= 1.6.8 — Unauthenticated Privilege Escalation
CVE-2025-6254CRITICAL18 jun 2026
Doctreat Core <= 1.6.8 - Unauthenticated Privilege Escalation
48RISCO
abrir
VulnCheck XDB
local
CVE-2025-21479HIGHsob ataque18 jun 2026
Incorrect Authorization in Graphics
71RISCO
abrir
VulnCheck XDB
initial-access
CVE-2021-27876HIGHsob ataqueransomware18 jun 2026
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires suc
91RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-42208CRITICALsob ataque18 jun 2026
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir
VulnCheck XDB
info-leak
CVE-2026-7515CRITICAL18 jun 2026
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RISCO
abrir
GitHub PoC1
Unauthenticated Local File Inclusion
CVE-2026-7515CRITICAL18 jun 2026
BetterDocs Pro <= 3.8.0 - Unauthenticated Local File Inclusion via doc_style
48RISCO
abrir
VulnCheck XDB
remote-with-credentials
CVE-2025-54123CRITICAL18 jun 2026
Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation
68RISCO
abrir
VulnCheck XDB
initial-access
CVE-2025-57819CRITICALsob ataque18 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
GitHub PoC
HTTP2-Bomb
CVE-2026-49975HIGH18 jun 2026
Apache HTTP Server: mod_http2 denial of service
46RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-10520CRITICAL18 jun 2026
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote
85RISCO
abrir
GitHub PoC
A local lab for studying, reproducing, and verifying the patch for CVE-2026-42208: an unauthenticated SQL injection in LiteLLM's API key authentication path.
CVE-2026-42208CRITICALsob ataque18 jun 2026
LiteLLM: SQL injection in Proxy API key verification
100RISCO
abrir
VulnCheck XDB
initial-access
CVE-2026-39808CRITICALsob ataque18 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
100RISCO
abrir
GitHub PoC
A PoC/exploit written in python for the unauthenticated SQL injection vulnerability CVE-2026-3359 situated within Form Maker (version <= 1.15.42) by 10Web.
CVE-2026-3359HIGH18 jun 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.42 - Unauthenticated SQL Injection via 'inputs'
41RISCO
abrir
GitHub PoC1
CVE-2026-40369
CVE-2026-40369HIGH18 jun 2026
Windows Kernel Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC
Reproduction lab for CVE-2026-54316 (Claude Code WebFetch huggingface.co bare-hostname permission bypass / exfiltration)
CVE-2026-54316MEDIUM18 jun 2026
Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
33RISCO
abrir
GitHub PoC7
CVE-2026-50656
CVE-2026-50656HIGH18 jun 2026
Microsoft Defender Elevation of Privilege Vulnerability
41RISCO
abrir
GitHub PoC
A vulnerability in LiteSpeed cPanel Plugin before 2.4.8 and WHM Plugin before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.
CVE-2026-54420HIGHsob ataque18 jun 2026
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provide
71RISCO
abrir
GitHub PoC
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
CVE-2026-48907CRITICALsob ataque18 jun 2026
Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5
100RISCO
abrir
GitHub PoC
Full-chain CVE-2025-57819 PoC for FreePBX 15, 16, and 17: unauthenticated SQLi to RCE and root takeover.
CVE-2025-57819CRITICALsob ataque18 jun 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
100RISCO
abrir
GitHub PoC10
0xCyberstan/CVE-2026-46215-POC
CVE-2026-46215HIGH18 jun 2026
drm: Set old handle to NULL before prime swap in change_handle
41RISCO
abrir
GitHub PoC1
A web version of the bash scripts wrote for Check Point CVE-2026-50751 and CVE-2026-50752. This uses a local server to scan and make changes using Check Point Web API
CVE-2026-50751CRITICALsob ataqueransomware18 jun 2026
User Authentication Bypass in VPN Remote Access and Mobile Access
100RISCO
abrir
GitHub PoC4
Detection scripts, patch checker & hardening guide for CVE-2026-44963 (Veeam B&R RCE)
CVE-2026-44963CRITICAL18 jun 2026
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
48RISCO
abrir
GitHub PoC
Fortinet FortiSandbox 4.4.0-4.4.8 - OS Command Injection via tracer-behavior Endpoint
CVE-2026-39808CRITICALsob ataque18 jun 2026
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F
100RISCO
abrir
GitHub PoC
rootdirective-sec/CVE-2026-49060-Lab
CVE-2026-49060CRITICAL17 jun 2026
WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
48RISCO
abrir
GitHub PoC
segunakinsoyinu/CVE-2024-42009-roundcube-xss
CVE-2024-42009CRITICALsob ataque17 jun 2026
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to stea
100RISCO
abrir
anteriorpágina 21 / 2.371próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.